Consumer Financial Protection Bureau Should Define ‘Abusive’


This post is the sixth in a 10-part series on reform proposals for the Consumer Financial Protection Bureau. See below for previous posts.

The Dodd–Frank Act was a mammoth overhaul of financial services regulation. Along with creating an entire new consumer protection agency, the Consumer Financial Protection Bureau, it also created an entire new consumer protection standard, a prohibition on “abusive” acts or practices. This new prong is a part of a broader prohibition on “Unfair, Deceptive or Abusive Acts or Practices,” otherwise known as UDAAP (12 U.S. Code § 5531).

The terms “unfair” and “deceptive” have been used in the context of government regulation for several decades, under the guise of the Federal Trade Commission, and are well known to the regulated community. Since its inception, however, the “abusive” standard has suffered from a lack of clarity.

The new standard is particularly confusing because it is both enormously broad and vague. Indeed, this may reflect the tendency of governments to prescribe overly broad powers in financial regulation. As one Harvard Law Review note put it, “If the key anxiety of administrative law is that power might be exercised arbitrarily, the worry of financial regulation is that no power will be exercised at all.”

Further, Dodd-Frank distinguished abusive practices from those that are unfair and deceptive without clearly explaining how they differ. This has caused a great deal of confusion over what “abusive” means exactly. For example, former CFPB Director Richard Cordray asserted that while he and the bureau were not sure of what “abusive” entailed, a good business ought to know what constituted abusive behavior and avoid engaging in it. He also suggested that an act or practice that is perfectly fine with respect to one consumer may be abusive with respect to another, and it was the responsibility of the firm to discern the difference, stating, “the prong of the abusive definition is, in fact, situational and somewhat subjective.”

This has led to the standard being labeled “the most feared word in Dodd-Frank”—and for good reason. The bureau has relied upon UDAAP as its primary enforcement tool over the years, in part because there are a broad range of penalties, including civil fines of up to $1 million per day.

After the passage of Dodd-Frank, industry representatives encouraged the bureau to prospectively define the standard in detail, but the bureau refused. Instead, the bureau has relied on ad hoc enforcement actions to flesh out the details, a method known as “regulation by enforcement.” This is not how regulatory agencies should operate. While under the landmark Supreme Court case Chenery II, the choice between rulemaking and ad hoc decision-making may remain the exclusive choice of the agency, it is far from the best practice in declaring new policy. Regulated parties deserve clear, predictable rules that are promulgated in a transparent way, making it obvious what a firm may, must, or shall not do under the law. This is crucial to upholding the rule of law. As Peter Wallison wrote in his book “Judicial Fortitude,” referring to the bureau’s failure to define “abusive” by rulemaking:

Enforcement actions without an underlying set of rules is a derogation of the rule of law, since a regulated firm can have no idea what activities might constitute abuse and thus no way to modify its behavior.

A rulemaking to clearly define the contours of “abusive” and the UDAAP standard would beneficial to all—industry, consumers, and the bureau itself.

Despite the advantages of a rulemaking to define the term “abusive,” some prominent consumer finance scholars consider an abusive rulemaking to be redundant, given that in practice, the bureau has enforced the standard in a similar way to the unfair and deceptive standards. However, this drastically undersells the importance of a rulemaking.

To start with, even if “regulation by enforcement” has had a limited impact in practice, which it has not, it is far from the best means of announcing new policy. Failing to properly inform firms what acts or practices are illegal before you sue them is far from regulatory best practice.

Second, enforcement is but one tool in the bureau’s arsenal. As former Director Cordray noted, the bureau may utilize the abusive standard during the supervision process. While behind the scenes, these examinations can still be detrimental to the regulated community if the bureau was to unreasonably require a firm to act in a certain way. The Obama administration’s Operation Choke Point, whereby government regulators tried to cut off the banking services of legal businesses, is a case in point.

Third, the bureau has sought to utilize the abusive standard aggressively in rulemakings. One of its most contentious rules, the payday loan rule, relied heavily on a broad interpretation of what “abusive” conduct entails—such as loans that exploit consumers’ “optimism bias”—and was controversial precisely because of this reliance.

Lastly, there is no guarantee that a future bureau will not attempt to broaden the scope of the standard. Indeed, one defining feature of administrative agencies is that they seek to broaden their own authority over time, and there is evidence that the bureau has begun to realize a broader application for the standard in enforcement actions. The Bureau has only recently brought enforcement actions based solely on the abusive standard, such as against Zero Parallel, LLC and Aequitas Capital Management, as opposed to the other UDAAP prongs. As one scholar put it, “while the evolution of the abusive standard might halt for the foreseeable future, there is always the danger of its resurrection by a future administration.”

The case in favor of rulemaking over ad hoc enforcement is compounded when considering just how broad and vague the statutory definition of abusive is. Indeed, the statute as written is so vague that it is likely unconstitutional.

As one court noted in the case CFPB v. ITT Educational Services, an unconstitutionally vague law is any statute that “fails to provide a person of ordinary intelligence fair notice of what is prohibited, or is so standardless that it authorizes or encourages seriously discriminatory enforcement.”

The abusive standard meets this definition. Indeed, then-Harvard University law professor Elizabeth Warren failed to provide a definition when she helped create the bureau back in 2010. The former director of the bureau, Richard Cordray, professed in congressional testimony that he did not know in any detail what the standard entailed and that it was “somewhat subjective.” Former acting Director Mulvaney expressed a similar sentiment. Sen. Chris Dodd (D-CT), the co-author of the Dodd-Frank Act, admitted on the Senate floor that he did not have a clear understanding of what the law entailed, saying ‘‘I have never claimed our proposal of consumer protection is perfect. I acknowledge the word abusive does need to be defined, and we are talking about striking that or making it better.’’

If the legislative authors of the bureau and the bureau’s directors do not know what the term “abusive” entails, then surely no “ordinary person” would be deemed to have fair notice of what is prohibited. This is a violation of the due process clause by, as Justice Gorsuch wrote in Sessions v. Dimaya, “leaving the people in the dark about what the law demands and allowing prosecutors and courts to make it up.” Furthermore, allowing the bureau to “shap[e] a vague statue’s contours through their enforcement decisions” is an example of impermissible delegation of legislative power to the executive, as Congress failed to lay down the kind of “intelligible principle” to guide the agency’s discretion that the Supreme Court has required.

Nevertheless, due process challenges have not succeeded in court, such as in ITT Educational Services. In that case, the district court judge ruled that the statute provided the “minimal level of clarity that the due process clause demands.”

There are significant flaws in the ITT decision. In part, the court reasoned that because Congress intended for the term to “flexible,” it was therefore not unconstitutional. But Congress cannot violate constitutional rights, whether intentionally or accidentally. As the Supreme Court said in Meyer v. Nebraska, “[a] desirable end cannot be promoted by prohibited means.” And as Justice Gorsuch recently wrote in Sessions v. Dimaya:

Vagueness doctrine represents a procedural, not a substantive, demand. It does not forbid the legislature from acting toward any end it wishes, but only requires it to act with enough clarity that reasonable people can know what it is required of them and judges can apply the law consistent with their limited office.

The district court’s unwillingness to have Congress further clarify the term “abusive” means that it is now incumbent upon the bureau to provide more than “minimal clarity” in its enforcement of the statute. As a Mayer Brown legal analysis put it:

This “I know it when I see it” approach naturally grants the CFPB the maximum flexibility to bring enforcement actions, while granting industry participants the minimum level of notice about what is required of them.

Former acting Bureau Director Mick Mulvaney vowed to put an end to this kind of “regulation by enforcement,” a cause that the Director Kraninger is also committed to. The abusive standard—if it is to exist—must be defined via rulemaking, rather than determined through enforcement. Once the bureau finalizes its interpretation through promulgating a rule, then the regulated community can be considered “on notice” of what the law requires. Until then, however, they are largely left in the dark.

Previous posts on reform proposals for the Consumer Financial Protection Bureau: